cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2452
Views
0
Helpful
7
Replies

ASA security context in HA cluster

tiwang
Level 3
Level 3

hi out there

I have a active-active setup with 2 cisco asa 5585x running 8.4 - the boxes ahve each 2 sec context's build-in - which gives 4 sec context in the cluster. I have 2 x 5 extra licenses (2 x ASA5500-SC-5)  which I haven't applied yet - will this give me a total of 10 or 14 security contextes? I am a bit in doubt because if I only get 10 sec contextes in this cluster then could I instead get a single 10 security context license (1 x ASA5500-SC-10) and add this - hereby I would get 12 then.  

best regards /ti               

1 Accepted Solution

Accepted Solutions

Jennifer Halim
Cisco Employee
Cisco Employee

When you apply the 5 extra licenses x2, it will give you a total of 10 security context.

If you are getting a single 10 security context license, it will give you a total of 12 security context.

View solution in original post

7 Replies 7

Jennifer Halim
Cisco Employee
Cisco Employee

When you apply the 5 extra licenses x2, it will give you a total of 10 security context.

If you are getting a single 10 security context license, it will give you a total of 12 security context.

john.dejesus
Level 1
Level 1

When you apply the 5 extra licenses x2, it will give you a total of 10 security context. - What about the 2 built-in security contexts? it should be 12 total contexts right?

or it should be 14 total contexts?
 

nope - you have to consider how you upgrade - when you apply a 10 sec license the box has 10 sec contextes - not 12 - so in a HA cluster (with 2 phys boxes)  where you apply this to a single host you have 10+2 not 12+2

if you apply this in another way where you but 2 x 5 upgrades for both boxes then you waste 2 contextes

 

and if you similar apply a 10 sec context to the first box and afterwards a 5 context upgrade to the second box you have 15 and not 17 or 19 sec liceses

 

so - before you start upgrade - conside what you want - if you apply it wrong or buy it wrong you are in trouble ;-)

 

 

let's say I have 5515-X_1 without a security context license. And I have another 5515-X_2 with 5 security contexts license. So the total security contexts for ACTIVE/ACTIVE is still 5 total contexts instead of 7. The two built-in security context in 5515-X_1 does not count. Would you know why cisco design this licensing this way?

It's that way for the reason I noted below - 

The two "built-in" contexts are not really intended as customer contexts. They are intended as system and admin contexts. Thus they are not additive in an HA multi-context scenario.

The two "built-in" contexts are not really intended as customer contexts. They are intended as system and admin contexts. Thus they are not additive in an HA multi-context scenario.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: